These release notes include important information about this IOS release and any limitations, restrictions, and caveats that apply to it. To verify that these are the correct release notes for your switch:

•If you are installing a new switch, refer to the IOS release label on the rear panel of your switch.

This IOS release is part of a special release of Cisco IOS software that is not released on the same 8-week maintenance cycle that is used for other platforms. As maintenance releases and future IOS releases become available, they will be posted to Cisco.com (previously Cisco Connection Online [CCO]) in the Cisco IOS software area.

Note This software release does not support the Catalyst 2950 LRE switches. For information about these switches, refer to the Catalyst 2950 LRE release notes.

Note The Catalyst 2955 switch is designed to operate with one or two power supplies. Each power supply input has an associated LED that shows power supply status. If you use the Catalyst 2955 switch with a single power supply, the LED for the empty secondary power supply input is red.

If you prefer that the LED for the empty power supply input not be red, connect jumper wires from the primary power supply input connections to the empty input connections for the secondary power supply. After making those connections, the secondary power supply status LED will also show the primary power supply status.

The minimum PC requirement is a Pentium processor running at 233 MHz with 64 MB of DRAM. The minimum UNIX workstation requirement is a Sun Ultra 1 running at 143 MHz with 64 MB of DRAM.

Operating System and Browser Support

You can access the web-based interfaces by using the operating systems and browsers listed in Table 4. The switch checks the browser version when starting a session to ensure that the browser is supported. If the browser is not supported, the switch displays an error message, and the session does not start.

Note If your browser is Internet Explorer and you receive an error message stating that the page might not display correctly because your security settings prohibit running activeX controls, this might mean that your security settings are set too high. To lower security settings, go to Tools > Internet Options, and select the Security tab. Select the indicated Zone, and move the Security Level for this Zone slider from High to Medium (the default).

Note In Cluster Management displays, Internet Explorer versions 4.01 and 5.0 might not display edge devices that are not connected to the command switch. Other functionality is similar to that of Netscape Communicator.

Guidelines for Installing and Enabling the Java Plug-In

If CMS does not launch automatically, you might not have a supported Java Plug-In installed or the Java Plug-In might not be enabled. CMS does not automatically detect if a supported Java plug-in is installed. If you start CMS without the required Java plug-in installed, the CMS splash screen stays open, and CMS does not launch.

To make sure that a supported Java Plug-In is correctly installed and enabled, follow these guidelines:

•If you are using a supported browser and are connected to the Internet, click the Java Plug-In link to download, and install a supported Java Plug-In.

•If you have installed the Java plug-in but CMS still does not launch, make sure that the plug-in is enabled by selecting Start > Settings > Control Panel > Java Plug-in. Click the Basic tab, select Enable Java Plug-in, and click Apply.

•To verify that a supported version of the Java Plug-In is installed, select Start > Settings > Control Panel. The Java Plug-In is listed with the version number in the Control Panel menu.

Note Uninstall any older versions of the Java plug-ins before installing the new Java plug-in.

If the Java applet does not initialize after you have installed the plug-in, open the Java Plug-in Control Panel (Start > Programs > Java Plug-in Control Panel), and verify these settings:

In the Proxies tab, verify that the Use browser settings is checked and that no proxies are enabled.

Note If you are running an Internet virus checker on Windows 2000 and the plug-in takes a long time to load, you can speed up CMS operation by disabling the virus checker filter option or download option or both.

To install the Java plug-in, follow the instructions in the README_FIRST.txt file.

Creating Clusters with Different Releases of IOS Software

When a cluster consists of Catalyst 3550 switches and a mixture of other Catalyst switches, we strongly recommend using only the Catalyst 3550 switches as the command and standby command switches. When the command switch is a Catalyst 3550 switch, all standby command switches must also be Catalyst 3550 switches. The Catalyst 3550 switch that has the latest software should be the command switch.

If your cluster has Catalyst 2950, Catalyst 2955, Catalyst 2900 XL, and Catalyst 3500 XL switches, the Catalyst 2950 switch that has the latest software should be the command switch.

If your switch cluster has Catalyst 1900, Catalyst 2820, Catalyst 2900 XL, and Catalyst 3500 XL switches, either the Catalyst 2900 XL or Catalyst 3500 XL should be the command switch. The Catalyst 2900 or 3500 XL switch that has the latest software should be the command switch.

Table 5 lists the cluster capabilities and software versions for the switches.

1Catalyst 2900 XL (4-MB) switches appear in the front-panel and topology views of CMS. However, CMS does not support configuration or monitoring of these switches.

Some versions of the Catalyst 2900 XL software do not support clustering, and if you have a cluster with switches that are running different versions of IOS software, software features added on the latest release might not be reflected on switches running the older versions. For example, if you start Visual Switch Manager (VSM) on a Catalyst 2900 XL switch running Release 11.2(8)SA6, the windows and functionality can be different from a switch running Release 12.0(5)WC(1) or later.

Note The CMS is not forward-compatible, which means that if a member switch is running a software version that is newer than the release running on the command switch, the new features are not available on the member switch. If the member switch is a new device supported by a software release that is later than the software release on the command switch, the command switch cannot recognize the member switch and it is displayed as an unknown device in the Front Panel view. You cannot configure any parameters or generate a report through CMS for that member; instead, you must launch the Device Manager application to perform configuration and obtain reports for that member.

Note Before downloading software, read this section for important information.

Note The Catalyst 2950-12 and Catalyst 2950-24 switches cannot be upgraded to Release 12.1(6)EA2, Release 12.1(6)EA2a, or Release 12.1(6)EA2b. They can be upgraded to Release 12.1(6)EA2c or later.

Guidelines for Downloading Switch Software

When using CMS to upgrade multiple switches from the Cisco TFTP server, the Cisco TFTP server application can process multiple requests and sessions. When using CMS to upgrade multiple switches from the Cisco TFTP server, you must first disable the TFTP Show File Transfer Progress and the Enable Logging options to avoid TFTP server failures. If you are performing multiple-switch upgrades with a different TFTP server, it must be capable of managing multiple requests and sessions at the same time.

When you upgrade a switch, the switch continues to operate while the new software is copied to Flash memory. If Flash memory has enough space, the new image is copied to the selected switch but does not replace the running image until you reboot the switch. If a failure occurs during the copy process, you can still reboot your switch by using the old image. If Flash memory does not have enough space for two images, the new image is copied over the existing one. Features provided by the new software are not available until you reload the switch.

If a failure occurs while copying a new image to the switch, and the old image has already been deleted, refer to the "Recovering from Corrupted Software" section in the "Troubleshooting" chapter of the Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide.

Note If you are upgrading a switch that is running a release earlier than Release 12.1(11)EA1, this release includes a bootloader upgrade. The bootloader can take up to 30 seconds to upgrade.

Caution Do not power cycle the switch while you are copying an image to the switch. If a power failure occurs while you are copying the software image to the switch, call Cisco Systems immediately.

Determining the Software Version and Feature Set

The IOS image is stored as a .bin file in a directory that is named with the IOS release. A subdirectory contains the HTML files needed for web management. The image is stored on the system board Flash device (flash:).

You can use the show version user EXEC command to see the software version that is running on your switch. In the display, check the line that begins with System image file is. This line shows the directory name in Flash memory where the image is stored. A couple of lines below the image name, you see Running Enhanced Image ifyou are running the EI or Running Standard Image ifyou are running the SI.

Note Although the show version output always shows the software image running on the switch (SI or EI), the model name shown at the end of this display is the factory configuration and does not change if you upgrade the software image.

You can also use the dir filesystem: privileged EXEC command to see the directory names of other software images that you might have stored in Flash memory.

Which Files to Use

The upgrade procedures in these release notes describe how to perform the upgrade by using a combined .tar file. This file contains both the IOS image file and the HTML files (needed for the CMS). You must use the combined .tar file to upgrade the switch through the CMS.

The .tar file is an archive file from which you can extract files by using the archive tar command.

Note If you are upgrading from a release earlier than Release 12.1(6)EA2, use the tar command instead of the archive tar command.

Upgrading a Switch by Using CMS

You can upgrade switch software by using CMS. From the menu bar, select Administration > Software Upgrade. For detailed instructions, click Help.

If you are using Cluster Manager to upgrade a switch cluster, you can use the Software Upgrade feature to upgrade all or some of the switches in a cluster at once. Consider these conditions when doing an upgrade:

•You cannot upgrade Catalyst 2950, Catalyst 2955, Catalyst 2900 XL, and Catalyst 3500 XL switches at the same time. However, you can group together and upgrade Catalyst 1900 and Catalyst 2820 switches at the same time.

•Upgrade Catalyst 1900 and Catalyst 2820 switches last. To function efficiently, these switches need to be rebooted shortly after the upgrade occurs. If you do not click Reboot Cluster in 30 seconds after the upgrade, the Catalyst 1900 and Catalyst 2820 switches automatically reboot.

•For Catalyst 2950, Catalyst 2955, Catalyst 2900 XL, and Catalyst 3500 XL switches, enter the image_name.tar filename in the New File Name field. The .tar file contains both the IOS image and the web-management code.

•For Catalyst 1900 and Catalyst 2820 switches, enter the image_name.bin filename in the New File Name field. The .bin file contains the software image and the web-management code.

Follow these steps to use Cluster Manager to upgrade software. Refer to the online help for more details.

You can enter just the filename or a pathname into the New Image File Name field. You do not need to enter a pathname if the image file is in the directory that you have defined as the TFTP root directory.

Note If you are upgrading a switch that is running a release earlier than Release 12.1(11)EA1, this release includes a bootloader upgrade. The bootloader can take up to 30 seconds to upgrade.

Caution Do not power cycle the switch while you are copying an image to the switch. If a power failure occurs when you are copying the software image to the switch, call Cisco Systems immediately.

Note You can also use Device Manager to upgrade a single switch by following the same software upgrade procedure.

Step 3 Close your browser after the upgrade process is complete.

Upgrading a Switch by Using the CLI

To download switch software by using the CLI, follow these procedures in this order:

Use the archivetar command to extract the IOS image and the HTML files from the .tar file during the TFTP copy to the switch. If you are upgrading from a release earlier than Release 12.1(6)EA2, use the tar command instead of the archive tar command.

If the upgrade to the new software fails or if the new startup configuration fails, you can reinstall the previous version of the switch software and use the copy of the startup configuration file to start the switch. If a failure occurs while copying a new image to the switch, and the old image has already been deleted, see the "Guidelines for Downloading Switch Software" section.

If you are upgrading a member switch in a switch cluster, because a member switch might not be assigned an IP address, command-line software upgrades through TFTP are managed through the command switch.

Downloading the Software and TFTP Server Application

This procedure is for copying the combined .tar file to the Catalyst 2950 or Catalyst 2955 switch. You copy the file to the switch from a TFTP server and extract the files. You can download an image file and replace or keep the current image.

Follow these steps to download the software and, if necessary, the TFTP server application, from Cisco.com to your management station: Use Table 6 to identify the files that you want to download.

Step 1 Download the files from one of these locations:

•If you have a SmartNet support contract, go to this URL, and log in to download the appropriate files:

http://www.cisco.com/kobayashi/sw-center/sw-lan.shtml

•If you do not have a SmartNet contract, go to this URL, follow the instructions to register on Cisco.com, and download the appropriate files:

http://www.cisco.com/public/sw-center/sw-lan.shtml

To download the files, select Catalyst 2950 Software for a Catalyst 2950 switch or Catalyst 2955 Software for a Catalyst 2955 switch.

Step 2 Use the CLI or the web-based interface to perform a TFTP transfer of the file or files to the switch after you have downloaded them to your PC or workstation.

The readme.txt file describes how to download the TFTP server application. New features provided by the software are not available until you reload the software.

Copying the Current Startup Configuration from the Switch to a PC or Server

When you make changes to a switch configuration, your changes become part of the running configuration. When you enter the command to save those changes to the startup configuration, the switch copies the configuration to the config.text file in Flash memory. To ensure that you can recreate the configuration if a switch fails, you might want to copy the config.text file from the switch to a PC or server.

This procedure requires a configured TFTP server such as the Cisco TFTP server available on Cisco.com.

Beginning in privileged EXEC mode, follow these steps to copy a switch configuration file to the PC or server that has the TFTP server application:

Step 1 Copy the file in Flash memory to the root directory of the TFTP server:

switch# copy flash:config.text tftp

Step 2 Enter the IP address of the device where the TFTP server resides:

Address or name of remote host []? ip_address

Step 3 Enter the name of the destination file (for example, config.text):

Destination filename [config.text]? yes/no

Step 4 Verify the copy by displaying the contents of the root directory on the PC or server.

Using the CLI to Upgrade a Catalyst 2950 or Catalyst 2955 Switch

Use this procedure for upgrading Catalyst 2950 or Catalyst 2955 switches by copying the .tar file to the switch. You copy the files to the switch from a TFTP server and extract the files by entering the archive tar command, with these results:

•Changes the name of the current image file to the name of the new file that you are copying and replaces the old image file with the new one. Perform this step only if you have space available on your switch.

•Disables access to the HTML pages and deletes the existing HTML files before the software upgrade to avoid a conflict if users access the web pages during the software upgrade.

•Reenables access to the HTML pages after the upgrade is complete.

Note If you are upgrading a switch that is running a release earlier than Release 12.1(11)EA1, this release includes a bootloader upgrade. The bootloader can take up to 30 seconds to upgrade.

Caution Do not power cycle the switch while you are copying an image to the switch. If a power failure occurs when you are copying the software image to the switch, call Cisco Systems immediately.

Note The image names in this section are for the Catalyst 2950. Follow the same steps to upgrade a Catalyst 2955. See Table 6 for the Catalyst 2955 image file names.

Follow these steps to upgrade the switch software by using a TFTP transfer:

Step 1 If your PC or workstation cannot act as a TFTP server, copy the file to a TFTP server to which you have access.

Step 2 Access the CLI by starting a Telnet session or by connecting to the switch console port through the RS-232 connector.

To start a Telnet session on your PC or workstation, enter this command:

server% telnet switch_ip_address

Enter the Telnet password if you are prompted to do so.

Step 3 Enter privileged EXEC mode:

switch> enable
switch#

Enter the password if you are prompted to do so.

Step 4 Remove the HTML files:

switch# delete flash:html/*

Press Enter to confirm the deletion of each file. Do not press any other keys during this process.

Step 5 Enter this command to copy the new image and HTML files to Flash memory:

Caution As shown in the following example, the
archive tar command copies the .tar file that contains both the image and the HTML files. If you are upgrading from a release earlier than Release 12.1(6)EA2, use the
tar command instead of the
archive tar command.

switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.

Step 8 Enter the boot command with the name of the new image filename:

switch(config)# boot system flash:new_image

For example:

switch(config)# boot system flash:c2950-i6q4l2-mz.121-12c.EA1.bin

Note If the show boot command entered in Step 6 displays no image name, you do not need to enter this command; the switch automatically finds the correct file to use when it resets.

Step 9 Return to privileged EXEC mode:

switch(config)# end

Step 10 Reload the new software with this command:

switch# reload
System configuration has been modified. Save? [yes/no]:y
Proceed with reload? [confirm]

Step 11 Press Return to confirm the reload.

Your Telnet session ends when the switch resets.

After the switch reboots, use Telnet to return to the switch, and enter the show version user EXEC command to verify the upgrade procedure. If you have a previously opened browser session to the upgraded switch, close the browser, and start it again to ensure that you are using the latest HTML files.

Note If you are upgrading a switch that is running a release earlier than Release 12.1(11)EA1, this release includes a bootloader upgrade. The bootloader can take up to 30 seconds to upgrade.

Caution Do not power cycle the switch while you are copying an image to the switch. If a power failure occurs when you are copying the image to the switch, call Cisco Systems immediately.

Note The image names in this section are for the Catalyst 2950. Follow the same steps to upgrade a Catalyst 2955. See Table 6 for the Catalyst 2955 image file names.

Follow these steps to upgrade the software on a member switch:

Step 1 In privileged EXEC mode on the command switch, display information about the cluster members:

switch# show cluster members

From the output, select the number of the member switch that you want to upgrade. The member number is in the SN column of the display. You need this member number for Step 2.

Step 2 Log in to the member switch (for example, member number 1):

switch# rcommand 1

Step 3 Enter privileged EXEC mode:

switch> enable
switch#

Enter the password if you are prompted to do so.

Step 4 Display the name of the running (default) image file (BOOT path-list). This example shows the name in italic:

switch# show boot
BOOT path-list: flash:current_image

Config file: flash:config.text

Private Config file: flash:private-config.text

Enable Break: no

Manual Boot: no

HELPER path-list:

NVRAM/Config file

buffer size: 32768

Step 5 If there is no software image defined in the BOOT path-list, enter dir flash: to display the contents of Flash memory.

Step 6 Using the exact, case-sensitive name of the .tar file that you downloaded, rename the running image file to that name, and replace the .tar extension with .bin. The image filename is then the same as the downloaded filename but with a .bin extension. This step does not affect the operation of the switch.

Note Perform this step only if you have space available on your switch and want to retain a copy of the old image.

Step 7 Display the contents of Flash memory to verify the renaming of the file:

switch# dir flash:

Directory of flash:/

3 drwx 10176 Mar 01 2001 00:04:34 html

6 -rwx 2343 Mar 01 2001 03:18:16 config.text

171 -rwx 1667997 Mar 01 2001 00:02:39 c2950-i6q4l2-mz.121-12c.EA1.bin

7 -rwx 3060 Mar 01 2001 00:14:20 vlan.dat

172 -rwx 100 Mar 01 2001 00:02:54 env_vars

7741440 bytes total (4788224 bytes free)

Step 8 Enter global configuration mode:

switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.

Step 9 Enter the boot command with the name of the new image filename:

switch(config)# boot system flash:new_image

For example:

switch(config)# boot system flash:c2950-i6q4l2-mz.121-12c1.EA1.bin

Note If the show boot command entered in Step 6 displays no image name, you do not need to enter this command; the switch automatically finds the correct file to use when it resets.

Step 10 Return to privileged EXEC mode:

switch(config)# end

Step 11 Remove the HTML files:

switch# delete flash:html/*

Press Enter to confirm the deletion of each file. Do not press any other keys during this process.

Step 12 Start the TFTP copy function as if you were initiating it from the command switch.

Caution In this step, the
archive tar command copies the .tar file that contains both the image and the HTML files. If you are upgrading from a release earlier than Release 12.1(6)EA2, use the
tar command instead of the
archive tar command.

switch-1# reload
System configuration has been modified. Save? [yes/no]:y
Proceed with reload? [confirm]

Press Enter to start the download.

You lose contact with the switch while it reloads the software. For more information on the rcommand command, refer to the Catalyst 2950 and Catalyst 2955 Switch Command Reference.

Upgrading Catalyst 1900 or Catalyst 2820 Member Switches

Follow these steps to upgrade the software on a Catalyst 1900 or Catalyst 2820 member switch:

Step 1 In privileged EXEC mode on the command switch, display information about the cluster members:

switch# show cluster members

From the display, select the number of the member switch that you want to upgrade. The member number is in the SN column of the display. You need this member number for Step 2.

Step 2 Log in to the member switch (for example, member number 1):

switch# rcommand 1

Step 3 For switches running the standard edition software, enter the password (if prompted), access the Firmware Configuration menu from the menu console, and perform the upgrade. Follow the instructions in the installation and configuration guide that shipped with your switch. When the download is complete, the switch resets and begins using the new software.

The Telnet session accesses the menu console (the menu-driven interface) if the command switch password is privilege level 15. If the command switch password is privilege level 1, you are prompted for the password.

You lose contact with the switch while it reloads the software.

Step 4 For switches running Enterprise Edition Software, start the TFTP copy as if you were initiating it from the member switch:

switch-1# copy tftp://host/src_file opcode

For example, copy tftp://spaniel/op.bin opcode downloads new system operational code op.bin from the host spaniel.

You should see the TFTP successfully downloaded operational code message. When the download is complete, the switch resets and begins using the new software. If this message does not appear, refer to the installation and configuration guide that shipped with your switch for more information.

You can also upgrade the switch software through the Firmware Configuration menu from the menu console. For more information, refer to the installation and configuration guide that shipped with your switch.

You lose contact with the switch while it reloads the software.

Recovering from Software Failure

If the software fails, you can reload the software. For detailed recovery procedures, refer to the "Troubleshooting" chapter in the Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide.

Installation Notes

You can assign IP information to your switch by using the setup program, the Dynamic Host Configuration Protocol (DHCP)-based autoconfiguration (refer to the Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide), or by manually assigning an IP address (refer to the Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide).

Setting Up the Catalyst 2950 or Catalyst 2955 Initial Configuration

The first time that you access the switch, it runs a setup program that prompts you for an IP address and other configuration information necessary for the switch to communicate with the local routers and the Internet. This information is also required if you plan to use the CMS to configure and manage the switch.

Note If the switch will be a cluster member managed through the IP address of the command switch, it is not necessary to assign IP information or a password. If you are configuring the switch as a standalone switch or as a command switch, you must assign IP information.

Follow these steps to create an initial configuration for the switch:

Step 1 Enter Yes at the first two prompts.

Would you like to enter the initial configuration dialog? [yes/no]: yes

At any point you may enter a question mark '?' for help.

Use ctrl-c to abort configuration dialog at any prompt.

Default settings are in square brackets '[]'.

Basic management setup configures only enough connectivity

for management of the system, extended setup will ask you

to configure each interface on the system.

Would you like to enter basic management setup? [yes/no]: yes

Step 2 Enter a host name for the switch, and press Return.

On a command switch, the host name is limited to 28 characters; on a member switch to 31 characters. Do not use -n, where n is a number, as the last character in a host name for any switch.

Enter host name [Switch]: host_name

Step 3 Enter a secret password, and press Return.

The password can be from 1 to 25 alphanumeric characters, can start with a number, is case sensitive, allows spaces, but ignores leading spaces.

Enter enable secret: secret_password

Step 4 Enter an enable password, and press Return.

Enter enable password: enable_password

Step 5 Enter a virtual terminal (Telnet) password, and press Return.

The password can be from 1 to 25 alphanumeric characters, is case sensitive, allows spaces, but ignores leading spaces.

Note If you have downloaded a new version of the CMS, you must clear your browser cache before launching the new CMS version.

The browser prompts for a username and password when you access CMS:

•If no username is configured on your switch (the default), you only need to enter the enable password in the appropriate field. For more information, see the "Displaying CMS" section.

•If you are not using the default method of authentication (the enable password), you need to configure the HTTP server interface with the method of authentication used on the switch. For more information, see the "Configuring the HTTP Server" section.

Limitations and Restrictions

You should review this section before you begin working with the switches. These are known limitations that will not be fixed, and there is not always a workaround. Some features might not work as documented, and some features could be affected by recent changes to the switch hardware or software.

IOS Limitations

You can configure up to 256 Multicast VLAN Registration (MVR) groups by using the mvr vlan group interface configuration command, but only 255 groups are supported on a Catalyst 2950 switch at one time. If you statically add a 256th group, and 255 groups are already configured on the switch, it continues trying (and failing) to add the new group.

The workaround is to set the mode to dynamic for Catalyst 2950 switches that are connected to IGMP-capable devices. The new group can join the multicast stream if another stream is dynamically removed from the group. (CSCdv45190)

Crypto Software Image Guidelines

The SSH feature uses a large amount of switch memory, which limits the number of VLANs, trunk ports, and cluster members that you can configure on the switch. Before you download the crypto software image, your switch configuration must meet these conditions:

•The number of trunk ports multiplied by the number of VLANs on the switch must be less than or equal to 128. These are examples of switch configurations that meet this condition:

–If the switch has 2 trunk ports, it can have up to 64 VLANs.

–If the switch has 32 VLANs, it can have up to 4 trunk ports.

•If your switch is a cluster command switch, it can only support up to eight cluster members.

Note A switch that runs the SI cannot run the crypto image. If a crypto image is loaded on an SI-only switch, the switch will perform a forced reload.

If your switch has a saved configuration that does not meet these conditions and you upgrade the switch software to the crypto software image, the switch might run out of memory. If this happens, the switch does not operate properly. For example, it might continuously reload.

The workaround is to check your switch configuration and ensure that it meets the listed conditions. (CSCdw66805)

Immediate-Leave Limitation

When the Internet Group Management Protocol (IGMP) Immediate-Leave is configured, new ports are added to the group membership each time a join message is received, and ports are pruned (removed) each time a leave message is received.

If the join and leave messages arrive at high rate, the CPU can become busy processing these messages. For example, the CPU usage is approximately 50 percent when 50 pairs of join and leave messages are received each second. Depending on the rate at which join and leave messages are received, the CPU usage can go very high, even up to 100 percent, as the switch continues processing these messages.

The workaround is to only use the Immediate-Leave processing feature on VLANs where a single host is connected to each port. (CSCdx95638)

RSPAN Limitation

In a Remote Switched Port Analyzer (RSPAN) session, if at least one Catalyst 2950 switch is used as an intermediate or destination switch and if traffic for a port is monitored in both directions, traffic does not reach the destination switch. (CSCdy38476)

These are the workarounds:

•Use a Catalyst 3550 or Catalyst 6000 switch as an intermediate or destination switch.

•Monitor traffic in only one direction if a Catalyst 2950 switch is used as an intermediate or destination switch.

ACL Limitations

Follow these guidelines for applying access control lists (ACLs) to interfaces:

•From IOS version 12.1(9)EA1d and later, you can create ACLs with access control entries (ACEs) that have different masks. However, these ACLs can only be applied to a management VLAN or to any traffic that is going directly to the CPU, such as SNMP, Telnet, or web traffic. (CSCdz06177)

•When you apply an ACL to a physical interface, some keywords are not supported, and certain mask restrictions apply to the ACLs. For information on creating ACLs for physical interfaces, refer to the "Creating a Numbered Standard ACL" section and the "Creating a Numbered Extended ACL" section of the software configuration guide for Release 12.1(9)EA1 or later. (CSCdw56650)

•You can apply ACLs to a management VLAN or to any traffic that is going directly to the CPU, such as SNMP, Telnet, or web traffic. For information on creating ACLs for these interfaces, refer to the "Configuring IP Services" section of the Cisco IOS IP and IP Routing Configuration Guide and the Command Reference for IOS Release 12.1.

Hardware and Software Compatibility Matrixes

Some switches are not supported by certain software releases. In Table 7 and Table 8, Yes means that the switch is supported by the software release; No means that the switch is not supported by the release.

Table 7 lists the Catalyst 2950-12, 2950-24, 2950C-24, and 2950T-24 switches and the software releases supporting them. The serial numbers are on the switch rear panel.

Port Configuration Conflicts

Certain combinations of port features create configuration conflicts (see Table 9). If you try to enable incompatible features, CMS issues a warning message, and you cannot make the change. Reload the page to refresh CMS.

In Table 9, No means that the two referenced features are incompatible, and both should not be enabled; Yes means that both can be enabled at the same time and do not cause an incompatibility conflict. Adash means not applicable.

SPAN Limitation

When using the SPAN feature, the monitoring port receives copies of sent and received traffic for all monitored ports. If the monitoring port is oversubscribed, it will probably become congested. This might also affect how one or more of the monitored ports forwards traffic.

Important Notes

This section describes important information related to this IOS release. These sections are included:

IOS Notes

These notes applies to IOS configuration:

•When an 802.1X-authenticated client is disconnected from an IP phone, hub, or switch and does not send an EAPOL-Logoff message, the switch interface does not transition to the unauthorized state. If this happens, it can take up to 60 minutes for the interface to transition to the unauthorized state when the re-authentication time is the default value (3600 seconds).

The workaround is to change the number of seconds between re-authentication attempts by using the dot1x timeout re-authperiod seconds global configuration command. (CSCdz38483)

CMS Notes

Read-Only Mode in CMS

CMS provides two levels of access to the configuration options. If your privilege level is 15, you have read-write access to CMS. If your switch privilege level is from 1 to 14, you have read-only access to CMS. In the read-only mode, some data is not displayed, and an error message appears when these switches are running these software releases:

In the Front Panel view or Topology view, CMS does not display error messages. In the Front Panel view, if the switch is running one of the software releases listed previously, the device LEDs do not appear. In Topology view, if the member is a Long-Reach Ethernet (LRE) switch, the customer premises equipment (CPE) devices that are connected to the switch do not appear. The Bandwidth and Link graphs also do not appear in these views.

To view switch information, you need to upgrade the member switch software. For information about upgrading switch software, see the "Downloading Software" section.

Configuring CMS

These notes apply to the CMS configuration:

•If you use CMS on Windows 2000, it might not apply configuration changes if the enable password is changed from the CLI during your CMS session. You have to restart CMS and enter the new password when prompted. Platforms other than Windows 2000 prompt you for the new enable password when it is changed.

•If you use Internet Explorer Version 5.5 and select a URL with a nonstandard port at the end of the address (for example, www.add.com:84), you must enter http:// as the URL prefix. Otherwise, you cannot launch CMS.

•Within an ACL, you can change the sequence of ACEs that have the host keyword. However, because such ACEs are independent of each other, the change has no effect on the way the ACL filters traffic.

•If you use the Netscape browser to view the CMS GUI and you resize the browser window while CMS is initializing, CMS does not resize to fit the window.

Resize the browser window again when CMS is not busy.

•CMS does not start if the temporary directory on your computer runs out of memory. This problem can occur because of a bug in the 1.2.2 version of the Java plug-in. The plug-in creates temporary files in the directory whenever it runs CMS, and the directory eventually runs out of plug-in space.

The workaround is to remove all the jar_cache*.tmp files from the temporary directory. The path to the directory is different for different operating systems:

VLAN Notes

These notes apply to VLAN configuration:

•The management interface configuration command is not supported in Release 12.1(6)EA2 or later. To shut down the current management VLAN interface and to enable the new management VLAN interface, use the shutdown and no shutdown interface configuration commands. Refer to the Catalyst 2950 and Catalyst 2955 Switch Command Reference for information about using the shutdown interface configuration command.

•If VLAN1 or VLANs 1002 to 1005 are removed from a trunk port, the switch no longer receives Cisco Discovery Protocol (CDP) or VLAN Trunking Protocol (VTP) frames. VLAN minimization is not supported on the Catalyst 2950 switch. You cannot remove VLAN1 or VLANs 1002 to 1005 from the allowed VLAN list. (CSCdz22629)

IGMP Filtering

IGMP filtering controls only group specific query and membership reports, including join and leave reports. It does not control general IGMP queries.

Open Caveats

Note All listed open caveats apply to both the Catalyst 2950 and Catalyst 2955 switches unless otherwise noted.

Open IOS Caveats

These are the severity 3 IOS configuration caveats:

•CSCdp85954

Root guard is inconsistent when configured on a port that is in the STP blocked state at the time of configuration.

There is no workaround.

•CSCdr96565

Aging of dynamic addresses does not always occur exactly after the specified aging time elapses. It might take up to three times this time period before the entries are removed from the table.

There is no workaround.

•CSCds58369

If the switch gets configured from the dynamic IP pool, a duplicate or different IP address might be assigned.

The workaround is to make sure that the DHCP server contains reserved addresses that are bound to each switch by the switch hardware address so that the switch does not obtain its IP address from the dynamic pool.

•CSCds20365

Internal loopback in half-duplex mode causes input errors. We recommend that you configure the PHY to operate in full duplex before setting the internal loopback.

There is no workaround.

•CSCdt24814 (formerly CSCdt2481)

A source-based distribution port group does not share the broadcast with all the group members. When the destination of the packets is a broadcast or unknown unicast or multicast, the packets are forwarded only on one port member of a port group, instead of being shared among all members of the port group.

There is no workaround.

•CSCdt27223

When you enter the show controllers ethernet-controller interface-id or show interfaces interface-id counters privileged EXEC command, if a large number of erroneous frames are received on an interface, the receive-error counts might be smaller than the actual values, and the receive-unicast frame count might be larger than the actual frame count.

There is no workaround.

•CSCdt48011

Two problems occur when the switch is in transparent mode:

–If the switch is a leaf switch, any new VLANs added to it are not propagated upstream through VTP messages. As a result, the switch does not receive flooded traffic for that VLAN.

–If the switch is connected to two VTP servers, it forwards their pruning messages. If the switch has a port on a VLAN that is not requested by other servers through their pruning messages, it does not receive flooded traffic for that VLAN.

There is no workaround.

•CSCdu83640

The receive count output for the show controllers ethernet-controllerinterface-id privileged EXEC command shows the incoming packets count before the ASIC makes a decision of whether to drop the packet or not. Therefore, for ports in the STP blocking states, even though the receive count shows incoming frames, the packet is not forwarded to the other port.

There is no workaround.

•CSCdv02941

In some network topologies, when UplinkFast is enabled on all Catalyst 2950 or Catalyst 2955 switches and BackboneFast is not enabled on all switches, a temporary loop might be caused when the STP root switch is changed.

The workaround is to enable BackboneFast on all switches.

•CSCdv19671

At times, the Window-XP pop-up window might not appear while authenticating a client (supplicant) because the user information is already stored in Windows XP. However, the Extensible Authentication Protocol over LAN (EAPOL) response to the switch (authenticator) might have an empty userid that causes the 802.1X port to be deauthenticated.

The workaround is to manually re-initiate authentication by either logging off or detaching the link and then reconnecting it.

•CSCdv27247

If two switches are used in a network and if access ports are used to connect two different VLANs whose VLAN IDs are separated by the correct multiple of 64, it is possible to create a situation where the two switches use the same bridge ID in the same spanning-tree instances. This might cause a loss of connectivity in the VLAN because the spanning tree blocks the ports that should be forwarding.

The workaround is to not cross-connect VLANs. For example, do not use an access port to connect VLAN 1 to VLAN 65 on either the same switch or from one switch to another switch.

•CSCdv34505

The Catalyst 2950 or Catalyst 2955 command switch might not show the Catalyst 1900, Catalyst 2820, and Catalyst 2900 XL 4-MB (models C2908-XL, C2916M-XL, C2924C-XL, and C2924-XL) switches as candidates even though their management VLAN is the same as the command switch. This occurs only when their management VLAN is not VLAN 1.

There is no workaround.

•CSCdv44005

A Catalyst 2950 command switch running Release 12.1(6)EA2 cannot use the rcommand privileged EXECcommand to start a Telnet session on a Catalyst 3550 member running IOS Release 12.1(4)EA1 when the aaa authorization exec default group tacacs+ global configurationcommandis configured on both the command switch and the member.

The workaround is to upgrade the Catalyst 3550 switch to Release 12.1(6)EA1a.

•CSCdv49871

A command switch can discover only the first Catalyst 3550 switch if the link between the Catalyst 3550 switches is an 802.1Q trunk and the native VLAN is not the same as the management VLAN of the Catalyst 2950 switch or if the link between the Catalyst 3550 switches is an ISL trunk and the management VLAN is not VLAN 1.

The workaround is to connect Catalyst 3550 switches by using the access link on the command switches management VLAN or to configure an 802.1Q trunk with a native VLAN that is the same as the management VLAN of the command switch.

•CSCdv62271

There might be a link on the Fast Ethernet port of the switch when it is forced to 10 Mbps and full-duplex mode and its link partner is forced to 100 Mbps and forced duplex mode. The LED on the switch might display the link, and the error counters might increment.

The workaround is to configure both sides of a link to the same speed or use auto-negotiation.

•CSCdv67047

The ip http authentication enable global configuration command is not saved to the configuration file because this is the default configuration. Therefore, this configuration is lost after a reboot.

The workaround is to manually enter the command again after a reboot.

•CSCdv82224

If a stack that has Catalyst 2950 or Catalyst 2955 switches also has Catalyst 2900 XL or Catalyst 3500 XL switches, cross-stack UplinkFast (CSUF) does not function if the management VLAN on the Catalyst 2900 XL or Catalyst 3500 XL switches is changed to a VLAN other than VLAN 1 (the default).

The workaround is to make sure that the management VLANs of all Catalyst 2900 XL or 3500 XL switches in the stack are set to VLAN 1.

•CSCdw02638

If a port is configured as a secure port with the violation mode as restrict, the secure ports might process packets even after maximum limit of MAC addresses is reached, but those packets are not forwarded to other ports.

There is no workaround.

•CSCdw48441

The discarded frames count of the show controllers ethernet-controller privileged EXEC command output and the ignored count of the show controller ethernet privileged EXEC command output can increment for these reasons:

–The source and destination ports are the same.

–The spanning-tree state of the ingress port is not in the forwarding state.

–Traffic is filtered because of unicast or multicast storms are on the port.

–Traffic is dropped because a VLAN has not been assigned by VLAN Query Protocol (VQP).

Note This error occurs only on switches that can run Release 12.1(6)EA2 or earlier.

There is no workaround.

•CSCdx75308

When you use the policy-map global configuration command to create a policy map, and you do not specify any action for a class map, the association between that class map and policy map is not saved when you exit policy-map configuration mode.

The workaround is to specify an action in the policy map.

•CSCdx79221

When you set the c2900PortUseageApplication object value in the CISCO-C2900 MIB to monitor, portgroupDest, portGrouping, network, or networkGroup, the setting is rejected.

The workaround for the monitor keyword is to use the CLI to configure a SPAN session.

The workaround for the portGroupDest and portGrouping values is to use the EtherChannel CLI commands to configure load balancing.

There are no workarounds for the network and networkGroup values. These are unsupported values.

•CSCdy08716

A switch does not use the default gateway address in the DHCP offer packet from the server during automatic-install process.

The workaround is to manually assign an IP address to the switch.

•CSCdy30416

When you enter an snmp-server host global configuration command with a non-existent community-string value, the Community Strings tag shows a non-existent community string. This creates a community with only notification-view access.

Note When you remove the command, the configuration needs to be checked for any other instances of snmp-server host for a given community. If there are none, the community (view) should be deleted.

The workaround is to:

a. Remove the command.

b. Configure the community as read-write.

c. Remove the community as read-write.

d. Configure the community as read-only.

e. Remove the community as read-only.

•CSCdy65850

If you assign a non-existent VLAN ID to a static-access EtherChannel by setting the ciscoVlanMembershipMIB:vmVlan object, the switch does not create the VLAN in the VLAN database.

There is no workaround.

•CSCdy65883

On Gigabit Ethernet interfaces, if the pagpEthcOperationMode object value is set to pagpOn, the running configuration on the CLI incorrectly shows that the PAgP mode is set to auto. The PAgP mode should be desirable.

There is no workaround.

•CSCdy68250

Regardless of the power mode (single or dual) that is being used on a Catalyst 2955 switch, the power status LED is red if an associated power supply is not present.

The workaround is to follow one of these guidelines:

–Use the default single power mode, and ignore the red LED for the empty secondary power supply inputs.

–Connect jumper wires from the primary power supply inputs to the empty power supply inputs so that both power status LEDs show status for the primary power supply.

•CSCdy74927

If ports in an EtherChannel do not meet specific conditions, you might not be able to create or modify the EtherChannel.

The workaround is to follow these guidelines:

–If the port is already assigned to an EtherChannel, do not change the mode from an LACP mode (active or passive mode) to a PAgP mode (auto or desirable mode) or from the on mode to an LACP or PAgP mode.

–Set all ports in the EtherChannel to the same mode, such as a PAgP mode, an LACP mode, or the on mode.

If the ports are set to a PAgP mode, set the port priority from 0 to 255.

If the ports are set to an LACP mode, set the port priority from 1 to 65535.

If the ports are set to on mode, do not set a port-priority.

–Do not assign a port to an EtherChannel when SPAN, port security, or 802.1X is configured on the port.

–Make sure that the channel-group members belong to the same allowed range of VLANs and that members are either all static-access or all trunk ports. For all trunk ports, the native VLAN, allowed VLANs on the trunk, and the VLANs in the pruning-eligible list must be the same.

–Dynamic-access ports cannot belong to a channel group.

•CSCdy75471

After a Catalyst 2950 or Catalyst 2955 switch reloads, if a multicast dynamic MAC address is manually configured on a trunk port, traffic to this multicast address is sent to the incorrect native VLAN.

The workaround is to remove the multicast dynamic MAC address that was manually configured and then configure the multicast address as a static MAC address.

•CSCdy80581

The dot3StatsTable in the ETHERLIKE-MIB incorrectly shows high values. For example, it can show these values for the VLAN interface statistics:

–dot3StatsMultipleCollisionFrames (5) = 2162549484

– dot3StatsDeferredTransmissions (7) = 2152977356

– dot3StatsLateCollisions (8) = 161

There is no workaround.

•CSCdy87390

When IGMP snooping is enabled on a switch, if it receives an IGMP report from a client port and sends the packet to a router port, the switch adds a 4-byte frame check sequence (FCS) to the end of the frame, which changes the length of the frame from 64 bytes to 68 bytes.

There is no workaround.

•CSCdz00065

When a link is down, this message might not appear:

Interface changed state to down

There is no workaround.

•CSCdz00380

If you reconfigure a dynamic access port as a static access port and manually assign the same VLAN that was allocated by the VLAN Membership Policy Server (VMPS) server, the port does not learn new addresses and behaves as dynamic access port.

The workaround is to shut down the port and then enable it by using the shutdown and no shutdown interface configuration commands.

•CSCdz12991

If the system board test fails during the power-on self-test (POST), the polling c2900InfoSelfTestFailed object value is 0x80, which means the test failed, but the output from the show post privileged EXEC command shows that the system board test passed.

There is no workaround.

•CSCdz13456

If you change a management VLAN so that it is no longer the default VLAN, you might not be able to ping the VLAN Membership Policy Server (VMPS) server that is directly connected to it.

The workaround is to reload the switch.

•CSCdz14682

Time-based DSCP quality of service (QoS) filters that have inactive access control lists (ACLs) can still be in effect after the timerange has expired.

There is no workaround.

•CSCdz22925

When you attach four access control lists (ACLs) that each have different masks to different interfaces, and then try to attach a policy to one of those interfaces, a no free mask error is displayed, but the policy is still attached to the interface.

This error only occurs with class maps of this type:

class-map cm match ip dscp <dscp-value>

There is no workaround.

•CSCdz24645

On Gigabit Ethernet interfaces, you cannot remove static MAC addresses by using the dot1dStaticStatus object in SNMP.

The workaround is to remove static MAC addresses by using the CLI.

•CSCdz31076

When configuring 802.1X with dynamic VLAN assignment on a switch, the Tunnel-Private-Group-ID field in the Radius server must be configured with a VLAN number.

The Catalyst 2950 and Catalyst 2955 switches do not support the Tunnel-Private-Group-ID field when it is configured as a VLAN name.

There is no workaround.

•CSCdz34545

The output from the show stack privileged EXEC command might show a large number of spurious interrupts.

There is no workaround. The number of interrupts does not affect the switch functionality.

•CSCdz72613

Before and after the switch reloads, this message appears:

Bootstrap Emulator called with code 45

There is no workaround. This message does not affect the switch functionality.

Open Cluster Configuration Caveats

These are the severity 3 cluster caveats:

•CSCdp82354

You can use Cluster Manager to configure a HSRP standby group and bind it to a cluster. However, you cannot use Cluster Manager to configure more than one standby group. If you want to configure more than one standby group, use the CLI.

–Catalyst 3500 XL switch that is connected to either a Catalyst 2950 switch running Release 12.1(6)EA2 or later or a Catalyst 3550 switch

The command switch then does not find any cluster candidates beyond the Catalyst 2950 or 3550 switch if it is not a member of the cluster.

The workaround is to add the Catalyst 2950 or 3550 switch to the cluster. You can then see any cluster candidates connected to it.

Open CMS Caveats

These are the severity 3 CMS configuration caveats:

• CSCdv56582

In the CMS topology view, icons for the fiber-optic, ATM, and FDDI links are not visible.

There is no workaround.

•CSCdv82352

A red border appears around the text-entering area of some CMS dialogs. The color of the border changes to green when text is entered. This is only a cosmetic error. The colored border does not prevent you from entering text.

There is no workaround.

Note This error only occurs with Java plug-in 1.4.0.

•CSCdw87550

You cannot switch modes (for example, from Guide Mode to Expert Mode) for an open CMS window.

The workaround is to close the open window, select the mode that you want, and then reopen the CMS window.

Note For the mode change to take effect on any other CMS window that is open, you need to close that window and then reopen it after you select the new mode.

•CSCdx73168

Log scaling does not appear in a link graph until the first data values appear in the graph. This happens when you are using any of the supported operating systems, browsers, or java plug-ins.

There is no workaround.

•CSCdx88994

In read-only mode, time ranges are not displayed. See the "CMS Notes" section for more information about CMS modes.

There is no workaround.

•CSCdy36743

You cannot add a switch that does not have Terminal Access Control Access System Plus (TACACS+) configured on it to a cluster if all the other cluster members are configured with TACACS+.

The workaround is to configure TACACS+ on the switch before adding it to the cluster.

•CSCdy47214

You cannot add a class to a new policy when you launch Device > QoS > Policies in Guide Mode.

The workaround is to launch Device > QoS > Policies in Expert Mode, and then add the class to the policy.

•CSCdz04048

When a Catalyst 2950 switch is using a Cisco Redundant Power System (RPS) 300, the icon for that switch might appear yellow instead of green.

There is no workaround.

•CSCdz05782

When you click the Create button to create a quality of service (QoS) policy, enter a policy name that already exists, and then click Add Class, the Add Class to QoS Policy window appears. CMS should not open this window for an existing QoS policy.

There is no workaround.

•CSCdz07672

When one of two switches in a link is down, the link might appear green. This could happen when you are using any of the supported operating systems, browsers, or java plug-ins.

There is no workaround.

•CSCdz11352

When you select multiple interfaces from the quality of service (QoS) window, you cannot override the class of service (CoS) settings for these interfaces.

The workaround is to select each interface and override their CoS settings one at a time.

•CSCdz17299

If you delete an access control list (ACL) that is associated with a QoS and then launch the Modify QoS Trust Settings window, the wrong ACL is shown to be associated with the QoS.

There is no workaround.

•CSCdz21201

If you create a time-range entry that is active only on specific days, it might not work if you modify it later.

The workaround is to delete that time-range entry and create it again.

•CSCdz21478

When you select and delete multiple time ranges from the access control list (ACL) window, not all of the time ranges are deleted.

This is an intermittent problem. The workaround is to reselect the time ranges and try to delete them again.

•CSCdz23548

When you use Visual Switch Manager (VSM) to configure Catalyst 2900 XL and Catalyst 3500 XL switches, the configuration is not saved if you save it in VSM.

The workaround is to save the configuration by using the CLI.

•CSCdz26503

You cannot use CMS to disable port security on cluster members.

The workaround is to use the no port security interface configuration command to disable port security on each cluster member.

•CSCdz26631

When you run a link graph report on a connected port selected from the Front Panel view, the graph displays data for the first connected port, regardless of the port you select.

The workaround is to select a port from the Link Graph window instead of the Front Panel view.

•CSCdz38000

CMS does not work when a switch is running the crypto software image and the vty lines are configured to use only secure shell (SSH) by using the transport input ssh line vty 0 15 interface configuration command.

The workaround is to allow SSH and Telnet access through the vty lines by using the transport input ssh telnet interface configuration command.

IOS Caveats Resolved in Release 12.1(12c)EA1

The UniDirectional Link Detection (UDLD) protocol now detects a unidirectional link when there is a loop between the TX and RX strands on the same port (TX/RX loop condition).

•CSCdw06074

Layer 3 CPU packets from a SPAN-source port configured to monitor sent traffic are now mirrored to the SPAN-destination port on a Catalyst 2950 switch.

•CSCdx65965

The Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide now describes when a switch can automatically obtain an IP address from a Dynamic Host Configuration Protocol (DHCP) server and when you must manually assign an IP address to the switch.

•CSCdx93122

You can remove default VLANs from the allowed list on a trunk port.

Cluster Caveat Resolved in Release 12.1(12c)EA1

This cluster caveat was resolved in Release 12.1(12c)EA1:

•CSCdw10837

When a Catalyst 2950 cluster command switch is running Release 12.1(6)EA2 or later and you enter the no cluster commander-address global configuration command on a member switch in this cluster, that member switch can now be removed from the cluster even if there are member switches beyond that switch.

CMS Caveat Resolved in Release 12.1(12c)EA1

This CMS caveat was resolved in Release 12.1(12c)EA1:

•CSCdw01109

When a Catalyst 3550 switch is a member switch and a Catalyst 2950 switch is the command switch in a cluster, the Catalyst 3550 switch now shows egress policy information in the Attach tab of the QoS Policies window.

These changes will be included in the next version of the documentation.

References to the Cisco Documentation CD-ROM

The documentation for the Catalyst 2950 switches incorrectly refers to the Cisco Documentation CD-ROM. The Catalyst 2950 switches no longer ship with this CD-ROM.

Addition to the Command Reference

The show controllers ethernet-controller privileged EXEC command was omitted in the Catalyst 2950 and Catalyst 2955 Switch Command Reference for this release.

show controllers ethernet-controller

Use the show controllers ethernet-controller privileged EXEC command without keywords to display per-interface send and receive statistics read from the hardware. Use with keywords to display the interface internal registers.

show controllers ethernet-controller

no show controllers ethernet-controller

Syntax Description

interface-id

The physical interface.

asic

(Optional) Display the state of the internal registers on the forwarding application-specific integrated circuit (ASIC) for the interface.

phy

(Optional) Display the status of the internal registers on the switch physical layer device (PHY) for the interface.

| begin

(Optional) Display begins with the line that matches the expression.

| exclude

(Optional) Display excludes lines that match the expression.

| include

(Optional) Display includes lines that match the specified expression.

expression

Expression in the output to use as a reference point.

Command Modes

Privileged EXEC

Command History

Release

Modification

12.1(12c)EA1

This command was introduced.

Usage Guidelines

This display without keywords provides traffic statistics, basically the RMON statistics for the interface.

When you enter the asic or phy keyword, the displayed information is useful primarily for Cisco technical support representatives troubleshooting the switch.

Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.

Examples

This is an example of output from the show controllers ethernet-controller command:

Switch# show controllers ethernet-controller gigabitethernet0/2

Transmit GigabitEthernet0/2 Receive

3617834078 Bytes 39726165 Bytes

419261 Unicast frames 161535 Unicast frames

82798461 Multicast frames 146421 Multicast frames

12718 Broadcast frames 1 Broadcast frames

0 Discarded frames 0 No dest, unicast

0 Too old frames 43 No dest, multicast

0 Deferred frames 0 No dest, broadcast

0 1 collision frames

0 2 collision frames 0 Alignment errors

0 3 collision frames 0 FCS errors

0 4 collision frames 0 Oversize frames

0 5 collision frames 0 Undersize frames

0 6 collision frames 0 Collision fragments

0 7 collision frames

0 8 collision frames 220108 Minimum size frames

0 9 collision frames 60959 65 to 127 byte frames

0 10 collision frames 0 128 to 255 byte frames

0 11 collision frames 26931 256 to 511 byte frames

0 12 collision frames 0 512 to 1023 byte frames

0 13 collision frames 0 1024 to 1518 byte frames

0 14 collision frames

0 15 collision frames 0 Flooded frames

0 Excessive collisions 0 Overrun frames

0 Late collisions 16 VLAN filtered frames

0 Good (1 coll) frames 0 Source routed frames

0 Good(>1 coll) frames 0 Valid oversize frames

0 Pause frames 0 Pause frames

0 VLAN discard frames 0 Symbol error frames

0 Excess defer frames 0 Invalid frames, too large

0 Too large frames 0 Valid frames, too large

80469577 64 byte frames 0 Invalid frames, too small

2605574 127 byte frames 3 Valid frames, too small

58711 255 byte frames

26956 511 byte frames

70222 1023 byte frames

0 1518 byte frames

Related Commands

Command

Description

show interfaces

Displays the administrative and operational status of all interfaces or a specified interface.

Corrections to the Software Configuration Guide

These are corrections for the Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide:

•In the "Using 802.1X with VLAN Assignment" section on page 10-6 of the Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide, the information about assigning vendor-specific attributes in the RADIUS server is incorrect. This is the correct information:

Assign vendor-specific tunnel attributes in the RADIUS server. The RADIUS server must return these attributes to the switch:

Note You can assign only one VLAN number to the 802.1X-authenticated user.

The Catalyst 2950 switch does not support the Tunnel-Private-Group-ID field when it is configured as a VLAN name. (CSCdz31076)

•In the "Displaying QoS Information" section on page 27-35, this information in Table 27-8 is incorrect: You can define up to 13 DSCP values for which byte or packet statistics are gathered by hardware by using the show mls qos interface statistics privileged EXEC command.

The Catalyst 2950 switch does not support the show mls qos interface statistics privileged EXEC command.

–In full-duplex mode, the cable length from the 100BASE-FX port on a switch to an attached device cannot exceed 6562 feet (2 kilometers).

–In full-duplex mode, the cable length from the 1000BASE-SX port on a switch to an attached device cannot exceed 1804 feet (550 meters).

Corrections to the Catalyst 2955 Hardware Installation Guide

These warnings have been updated for the Catalyst 2955 Hardware Installation Guide.

Switch and Alarm Circuit Warning

Warning

When you connect or disconnect the power and relay connector with power applied, an electrical arc can occur. This could cause an explosion in hazardous area installations. Be sure that power is removed from the switch and alarm circuit. Be sure that power cannot be accidentally turned on or verify that the area is nonhazardous before proceeding.

Failure to securely tighten the power and relay connector captive screws can result in an electrical arc if the connector is accidentally removed.

DC Circuit Power Warning

Warning

In switch installations in a hazardous location, the DC power source could be located away from the vicinity of the switch. Before performing any of the following procedures, locate the DC circuit to ensure that the power is removed and cannot be turned on accidentally, or verify that the area is nonhazardous before proceeding.

Relay Wires Warning

Warning

The switch relays are rated at 1 Amp and have a voltage limit of 30 VDC and 0.3 Amp at a voltage limit of 125 VAC. It is dangerous to exceed these limitations in a hazardous environment.

An electrical arc can occur when you connect or disconnect the relay wires with field side power applied. This could cause an explosion in switch installations in a hazardous location. Before proceeding, be sure that power is removed or the area is not hazardous.

Substitution of Components Warning

Warning

Do not disconnect connections to this equipment unless power has been removed or you have verified that the area is nonhazardous. Secure any external connections that mate to this equipment by using screws, sliding latches, threaded connectors, or other means provided with this product.

"Open Type" Equipment Warning

Warning

This equipment is supplied as "open type" equipment. It must be mounted within an enclosure that is suitably designed for those specific environmental conditions that will be present and appropriately designed to prevent personal injury resulting from accessibility to live parts. The interior of the enclosure must be accessible only by the use of a tool.

Switch Operation Warning

Warning

If you connect or disconnect the console cable with power applied to the switch or any device on the network, an electrical arc can occur. This could cause an explosion in hazardous location installations. Be sure that power is removed or the area is nonhazardous before proceeding.

To verify switch operation, perform POST on the switch in a nonhazardous location before installation.

Ambient Temperature of 140°F Warning

Warning

To prevent the switch from overheating, do not operate it in an area that exceeds the maximum recommended ambient temperature of 140°F (60°C). To prevent airflow restriction, allow at least 3 inches (7.6 cm) of clearance around the ventilation openings.

Suitable Enclosure Warning

Warning

When used in a Class I, Division 2, hazardous location, this equipment must be mounted in a suitable enclosure with proper wiring method, for all power, input and output wiring, that complies with the governing electrical codes and in accordance with the authority having jurisdiction over Class I, Division 2 installations.

Pollution Degree 2 Warning

Warning

This equipment is intended for use in a Pollution Degree 2 industrial environment, in overvoltage Category II applications (as defined in IEC publication 60664-1), and at altitudes up to 2000 meters without derating.

Power to the Switch Warning

Warning

Do not connect or disconnect cables to the ports while power is applied to the switch or any device on the network because an electrical arc can occur. This could cause an explosion in hazardous location installations. Be sure that power is removed from the switch and cannot be accidentally be turned on, or verify that the area is nonhazardous before proceeding.

Related Documentation

The software documents are not shipped with the product, but you can access them under the appropriate IOS software release on Cisco.com. You can order printed copies of documents with a DOC-xxxxxx= number from the Cisco.com sites and from the telephone numbers listed in the "Obtaining Documentation" section.

Documentation CD-ROM

Cisco documentation and additional literature are available in a Cisco Documentation CD-ROM package, which may have shipped with your product. The Documentation CD-ROM is updated monthly and may be more current than printed documentation. The CD-ROM package is available as a single unit or through an annual subscription.

Registered Cisco.com users can order the Documentation CD-ROM (product number DOC-CONDOCCD=) through the online Subscription Store:

Obtaining Technical Assistance

Cisco provides Cisco.com, which includes the Cisco Technical Assistance Center (TAC) Website, as a starting point for all technical assistance. Customers and partners can obtain online documentation, troubleshooting tips, and sample configurations from the Cisco TAC website. Cisco.com registered users have complete access to the technical support resources on the Cisco TAC website, including TAC tools and utilities.

Cisco.com

Cisco.com offers a suite of interactive, networked services that let you access Cisco information, networking solutions, services, programs, and resources at any time, from anywhere in the world.

Cisco.com provides a broad range of features and services to help you with these tasks:

Technical Assistance Center

The Cisco TAC is available to all customers who need technical assistance with a Cisco product, technology, or solution. Two levels of support are available: the Cisco TAC website and the Cisco TAC Escalation Center. The avenue of support that you choose depends on the priority of the problem and the conditions stated in service contracts, when applicable.

•Priority level 2 (P2)—Your production network is severely degraded, affecting significant aspects of business operations. No workaround is available.

•Priority level 1 (P1)—Your production network is down, and a critical impact to business operations will occur if service is not restored quickly. No workaround is available.

Cisco TAC Website

You can use the Cisco TAC website to resolve P3 and P4 issues yourself, saving both cost and time. The site provides around-the-clock access to online tools, knowledge bases, and software. To access the Cisco TAC website, go to this URL:

All customers, partners, and resellers who have a valid Cisco service contract have complete access to the technical support resources on the Cisco TAC website. Some services on the Cisco TAC website require a Cisco.com login ID and password. If you have a valid service contract but do not have a login ID or password, go to this URL to register:

Before calling, please check with your network operations center to determine the level of Cisco support services to which your company is entitled: for example, SMARTnet, SMARTnet Onsite, or Network Supported Accounts (NSA). When you call the center, please have available your service agreement number and your product serial number.

Obtaining Additional Publications and Information

Information about Cisco products, technologies, and network solutions is available from various online and printed sources.

•The Cisco Product Catalog describes the networking products offered by Cisco Systems as well as ordering and customer support services. Access the Cisco Product Catalog at this URL:

•Cisco Press publishes a wide range of networking publications. Cisco suggests these titles for new and experienced users: Internetworking Terms and Acronyms Dictionary, Internetworking Technology Handbook, Internetworking Troubleshooting Guide, and the Internetworking Design Guide. For current Cisco Press titles and other information, go to Cisco Press online at this URL:

•Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in the design, development, and operation of public and private internets and intranets. You can access the Internet Protocol Journal at this URL: